From 5abc90b947527e9a3e2daa0a8110515837b54668 Mon Sep 17 00:00:00 2001
From: David Baker
Date: Thu, 16 Apr 2015 19:57:32 +0100
Subject: [PATCH] Store signing keys in the same new format as synapse does, and convert old ones.
---
 sydent/sign/ed25519.py | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)
diff --git a/sydent/sign/ed25519.py b/sydent/sign/ed25519.py
index ff7a3dfc..ce50a190 100644
--- a/sydent/sign/ed25519.py
+++ b/sydent/sign/ed25519.py
@@ -18,6 +18,8 @@ import nacl.signing
 import nacl.exceptions
+import syutil.crypto.signing_key
+
 import logging
 logger = logging.getLogger(__name__)
@@ -26,16 +28,37 @@ class SydentEd25519:
 def __init__(self, syd):
 self.sydent = syd
- skHex = self.sydent.cfg.get('crypto', 'ed25519.signingkey')
- if skHex != '':
- self.signing_key = nacl.signing.SigningKey(skHex, encoder=nacl.encoding.HexEncoder)
- self.signing_key.version = '0' # temp fix for API change
- else:
+ save_key = False
+
+ sk_str = self.sydent.cfg.get('crypto', 'ed25519.signingkey')
+ sk_parts = sk_str.split(' ')
+
+ if sk_str == '':
 logger.info("This server does not yet have an ed25519 signing key. "+
 "Creating one and saving it in the config file.")
+ self.signing_key = syutil.crypto.signing_key.generate_singing_key("0")
+ save_key = True
+ elif len(sk_parts) == 1:
+ # old format key
+ logger.info("Updating signing key format: brace yourselves")
+ self.signing_key = nacl.signing.SigningKey(sk_str, encoder=nacl.encoding.HexEncoder)
+ self.signing_key.version = "0"
+ self.signing_key.alg = syutil.crypto.signing_key.NACL_ED25519
+
+ save_key = True
+ else:
+ self.signing_key = syutil.crypto.signing_key.decode_signing_key_base64(
+ sk_parts[0],
+ sk_parts[1],
+ sk_parts[2]
+ )
- self.signing_key = nacl.signing.SigningKey.generate()
- self.signing_key.version = '0' # temp fix for api change
- skHex = self.signing_key.encode(encoder=nacl.encoding.HexEncoder)
- self.sydent.cfg.set('crypto', 'ed25519.signingkey', skHex)
+ if save_key:
+ sk_str = "%s %s %s" % (
+ self.signing_key.alg,
+ self.signing_key.version,
+ syutil.crypto.signing_key.encode_signing_key_base64(self.signing_key)
+ )
+ self.sydent.cfg.set('crypto', 'ed25519.signingkey', sk_str)
 self.sydent.save_config()
+ logger.info("Key saved")
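Review bot: In `__init__`, the final `else` branch indexes `sk_parts[0]` to `sk_parts[2]` for every config value that is neither empty nor a single token, without checking that there are exactly three fields. A value with two fields or a trailing space raises a bare IndexError at startup, and a doubled space (which `split(' ')` turns into an empty string) hands `decode_signing_key_base64` mis-aligned arguments. I would strip the value before splitting and add a guard ahead of the `else`, for example `elif len(sk_parts) != 3: raise RuntimeError("crypto/ed25519.signingkey must be '<alg> <version> <base64 key>'")`, keeping the key material itself out of the message. The old-format branch rewrites the stored key in place, so its log line could say that the config entry is being converted rather than "brace yourselves". Whether `__init__` continues past the last line of the hunk is not visible here.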